27 app developers in the Google Play store Are Hackers || Be Careful ?

Update April 22: Google has finally removed all but 1 of these 2NAD apps from the Play store. The only app remaining from this network is Video Editor, Video Maker With Music Photos & Text, which previously was published by the developer Jacinto Macias, but now has been changed to a new developer, Alla Morning. However, if you have any of these apps (listed at the end of the article) on your phone, you should delete them immediately.

Our new research discovered that there’s a secret group of at least 27 app developers, with 101 apps in total for a combined 69 million installs, that seem to be connected, apparently copying each other’s apps, stealing apps from popular developers, and committing other fraud.

There’s much about this strange network that is unknown. Because they seem to share what’s become our initial connection – their app developer names consist of two parts, mostly Western names – we’ve termed this group as a two-name app developer network, or 2NAD for short. 

Besides the names, we’ve discovered that: 

  • These apps are asking for an immense amount of dangerous permissions that unnecessarily put users at risk
  • These 2NAD developers have the same Privacy Policy, copies of which are all published on Google Docs. 
  • The websites listed for each app are all based on the same incomplete Firebase “website,” all with the same URL structure. The link to the website is a shortened bit.ly link 
  • When we looked at the APKs, there were obvious duplicates between the 2NAD network
  • Some APKs were clearly stolen from other, more popular app developers outside the 2NAD network
  • When comparing these duplicate or stolen apps side-by-side, the duplication becomes easy to see

Below, we go through each connection with detailed proofs. In general, however, there’s a huge problem with this 2NAD network. First of all, duplicating each other’s apps, or stealing other developers’ apps, is most likely against Google’s Android policies.

Additionally, these apps are also violating other Android policies, which include 

  • Misrepresentation, since they mislead their users and participate in a “coordinated activity to mislead users” by not notifying the users that they are probably part of the same network 
  • Repetitive Content, which doesn’t allow apps that have highly similar (in our research, nearly 100% similar) functions, content and user experience  
  • Made for Ads policy, which doesn’t allow apps whose primary purpose seems to be just to serve ads

Beyond that, it is bad for the user, since cloned/stolen apps may, in the best case scenario, provide users with a poor user experience, especially when it’s flooded with ads. In the worst case scenario, these apps can later become vehicles for malicious purposes, including stolen data or other malware.

For that reason, we recommend deleting any of the 101 apps found within the 2NAD network (we list all the 101 apps and 27 app developers at the end of the article).

About this research

In order to carry out this research, we looked at suspicious apps that met our first connection – the app developers having two names. After that, we filtered apps based on whether they share one of the other connections mentioned above. The initial data was gathered in January 2020. Since that time, some app names may have changed, and apps may have been removed from the Play store for various reasons.

High amount of dangerous permissions

Below, we’ll look at the proofs related to the connections of these 2NAD developers. However, these apps are asking for a huge amount of dangerous permissions that, if abused, can lead to stolen data and other serious breaches of user privacy.

In order to concisely analyze the types of permissions requested, we looked only at those apps that have at least 10,000 installs, which totalled 58 apps.

So what are the most requested permissions here?

Permission name                              No. requested
android.permission.WRITE_EXTERNAL_STORAGE    53
android.permission.READ_EXTERNAL_STORAGE     44
android.permission.CAMERA                    32
android.permission.READ_PHONE_STATE          28
android.permission.RECORD_AUDIO              24
android.permission.ACCESS_COARSE_LOCATION    10
android.permission.ACCESS_FINE_LOCATION      7
android.permission.WRITE_CONTACTS            3
android.permission.READ_CALENDAR             2
android.permission.CALL_PHONE                2
android.permission.USE_SIP                   1
android.permission.BODY_SENSORS              1

As you can see, the most requested dangerous permissions are related to reading and writing storage, which can already pose some privacy and security problems. That’s because those permissions allow apps the ability to scan all your files — including your images, videos, documents, and more — as well as save any files to your device.

However, only by looking at the permissions by app can you get the full picture of the privacy and security risks here. Let’s take some examples:

  • A call recorder app that wants permission to take pictures and record video
  • A calculator app that asks for permission to your camera and your phone state, which allows them to see your cellular network information, phone accounts, and status of calls
  • A dual account app that wants to access your GPS, your camera, your microphone, body sensors, your calendar, to see and edit your contacts, to see and edit your files, check your phone status, and much more
  • A photo editor that wants to record audio
  • A memory booster that wants your exact location
  • A phone cooler that wants to see and edit your files, get your location and read your phone status

These bizarre permissions have nothing to do with the core function of the app. So why are these apps requesting them?

Optimistically, they just want to make as much money from you as possible.

As mentioned before in our research on dangerous beauty camera apps, app developers can make a hefty amount of money by selling your data to advertisers directly, or indirectly to data brokers. One data broker pays developers about $4/month for just 1,000 active users, which can come up to $8,000/month if they have even 1 million active users. (The total installs for the 2NAD network is almost 70 million, by the way, which can give the network a revenue of $10,000-$976,000 per month.)

Pessimistically, these apps could be stealing your data or enabling malicious content to enter your device. This is compounded by the fact that these apps are hiding their connection and operating from an unknown source. 

One worst case scenario is that apps can launch ransomware once users have granted them the necessary permissions, make secret phone calls, or sell user data on the black market. They could even be harvesting user data and collecting them in secret servers.

In general, because these apps are already participating in risky behaviors that potentially violate Google’s Android policies, it’s best that users delete these apps immediately to mitigate all risks.
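The per-app permission check described in this section can be automated. The following is an added example, not the researchers' own tooling: it reads decoded (text) AndroidManifest.xml files, counts dangerous-permission requests as in the table above, and lists the ones an app's category does not explain. The category allow-lists, function names and sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# The dangerous permissions listed in the article's table.
DANGEROUS = {P + n for n in (
    "WRITE_EXTERNAL_STORAGE", "READ_EXTERNAL_STORAGE", "CAMERA",
    "READ_PHONE_STATE", "RECORD_AUDIO", "ACCESS_COARSE_LOCATION",
    "ACCESS_FINE_LOCATION", "WRITE_CONTACTS", "READ_CALENDAR",
    "CALL_PHONE", "USE_SIP", "BODY_SENSORS")}

# Assumption: what a reviewer would accept for each category's core function.
EXPECTED = {
    "calculator": set(),
    "memory_booster": set(),
    "call_recorder": {P + n for n in ("RECORD_AUDIO", "READ_PHONE_STATE",
                      "READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE")},
    "photo_editor": {P + n for n in ("CAMERA", "READ_EXTERNAL_STORAGE",
                     "WRITE_EXTERNAL_STORAGE")},
}


def requested_permissions(manifest_xml):
    """Return the permission names declared in a decoded AndroidManifest.xml."""
    # Manifests from unknown APKs are untrusted input; outside a lab, parse
    # them with a hardened XML parser such as the defusedxml package.
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names


def audit(apps):
    """apps: iterable of (label, category, manifest_xml).

    Returns (totals, findings): how many apps request each dangerous
    permission, and per app the dangerous permissions its category
    does not explain. Unknown categories are treated as expecting none.
    """
    totals, findings = Counter(), {}
    for label, category, manifest_xml in apps:
        dangerous = requested_permissions(manifest_xml) & DANGEROUS
        totals.update(dangerous)
        findings[label] = sorted(dangerous - EXPECTED.get(category, set()))
    return totals, findings


def sample_manifest(package, perms):
    """Build a constructed sample manifest (not taken from any real app)."""
    uses = "".join(f'<uses-permission android:name="{P}{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}<application/></manifest>')


# Constructed samples mirroring the mismatches described in the article.
SAMPLE_APPS = [
    ("calculator", "calculator",
     sample_manifest("com.example.calc", ["CAMERA", "READ_PHONE_STATE", "INTERNET"])),
    ("call recorder", "call_recorder",
     sample_manifest("com.example.rec", ["RECORD_AUDIO", "READ_PHONE_STATE", "CAMERA"])),
    ("photo editor", "photo_editor",
     sample_manifest("com.example.photo", ["CAMERA", "RECORD_AUDIO",
                                           "WRITE_EXTERNAL_STORAGE"])),
    ("memory booster", "memory_booster",
     sample_manifest("com.example.boost", ["ACCESS_FINE_LOCATION"])),
]

if __name__ == "__main__":
    totals, findings = audit(SAMPLE_APPS)
    for perm, count in totals.most_common():
        print(f"{count:3d}  {perm}")
    for label, extra in findings.items():
        print(f"{label}: {', '.join(extra) or 'nothing unexpected'}")
```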

Proof #1 Each developer has a two-part name

The major reason that we’ve gotten to calling this network the 2NAD network is because each of these developers has two names as their developer name – seemingly a first name and last name.

While this by itself is not suspicious, it’s the first thing that caught my eye while I was looking through apps on the Play store. While the app names seem Western, the actual apps seem to be made for an Asian audience, such as makeup apps, Asian-inspired filters and the promotional materials for these apps.

Here’s a sample of these app developer names:

  • Alex Joe (10 million installs)
  • Virgilo Malley (7 million installs)
  • Arrow Frankie (6 million installs)
  • Armel Bilton (6 million installs)
  • Daniel Malley (1.3 million installs)
  • Hudson Parker (3 million installs)
  • Noble Gracious (2 million installs)

(Of the 27 2NAD developers, only two names do not fit this pattern: ProCam – HD Camera and Fruit VPN – Better Connect.)

These names seem to have been created by an online name generator.

Proof #2 The same Privacy Policies with slight name changes

The second big red flag, which became our first filter, was the fact that the Privacy Policies for 2NAD apps were all bit.ly links leading to the same published Google Doc.

The only difference between these Privacy Policies was the name of the listed app developer.

Proof #3 The same URL structure for these apps’ “websites”

When a website is listed for a 2NAD app, it leads to a Firebase hosting URL, which (like the privacy policy) is a free Google service.

The URL structure is invariably: [app-name].web.app.

These “websites” are also not finished, all with the same message: “You’re seeing this because you’ve successfully setup Firebase Hosting. Now it’s time to go build something extraordinary!”

Left: Face Makeup Camera & Beauty Photo Makeup Editor by Alex Joe (10 million installs); Right: Mod for Minecraft, Mods For Minecraft Animals by Daniel Malley (1 million installs)

Left: Video Editor, Video Maker With Music Photos & Text by Hudson Parker (1 million installs); Right: Beauty Camera Makeup Face Selfie, Photo Editor by Virgilo Malley (1 million installs)

Proof #4 Stolen apps visible when comparing app UI

Some of these 2NAD apps seem to have explicitly and unashamedly cloned entire apps from other popular app developers. To be “unique,” they’ve simply changed certain colors and button styles. 

However, the UI and functions are pretty much the same. For example, while looking through the APK for Daniel Malley’s Glitch Effect Video, Photo Editor Grainy Effect, I came across the email address “videostudio.feedback@gmail.com”.

While we initially expected some README text from GitHub libraries, this email address actually belonged to a competing and very popular app developer called InShot Inc. When I looked through that developer’s apps, I noticed a similar app that provided glitch effects for videos. I installed both and compared them visually.

And these are UI screenshots from the 2NAD developer Daniel Malley, with their app Glitch Effect Video, Photo Editor Grainy Effect (500,000 installs)

As you can see, these apps are exactly the same. The only difference is that the 2NAD app is flooded with ads, including interstitials after nearly every user interaction.

In a second case, I found another developer’s email address in Virgilo Malley’s Video Converter To MP3 Music & Audio MP3 Cutter:

This email address is connected to the app developer VideoMaster Tools. They have a similar video converter app, so I downloaded that one to compare the two apps.

On the left is the duplicate (cloned) app Video Converter To MP3 Music & Audio MP3 Cutter from the 2NAD developer Virgilo Malley. On the right, we have what we assume to be the authentic, non-2NAD Mp4 to Mp3 – Convert Video to Audio, Cut Ringtones from VideoMaster Tools:

The only things they changed were the colors and the placement of the ads.

Proof #5 Duplicate apps visible when analyzing APK files

To back up our visual comparison findings, I decided to look through the APK files to see if there were any similarities on the technical level. Firstly, I discovered that the app names in the Play store are different than the app names once installed on the device. 

When looking at those, I discovered the first similarities, with three apps from the 2NAD developers Hudson Parker, ProCam – HD Camera, and Armel Bilton:

When I placed these apps’ APK files side-by-side, I saw that the similarities didn’t stop there:

I discovered the same with call recorder apps from 2NAD developers Lukas Podolskies and Arrow Frankie.

Again, as you can see, their APKs matched:
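The side-by-side APK comparison in this section can be expressed as a per-file digest comparison, since an APK is a ZIP archive. This is an added example, not the researchers' own tooling; the function names are hypothetical and the sample "APKs" are small ZIP files constructed in memory.

```python
import hashlib
import io
import zipfile

# Signing files differ for every publisher, so they say nothing about cloning.
IGNORED_PREFIXES = ("META-INF/",)


def entry_digests(apk_bytes):
    """Map each file path inside the APK (a ZIP archive) to its SHA-256."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir() or info.filename.startswith(IGNORED_PREFIXES):
                continue
            h = hashlib.sha256()
            with apk.open(info) as fh:  # stream, so large entries stay cheap
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[info.filename] = h.hexdigest()
    return digests


def compare_apks(apk_a, apk_b):
    """Summarise how much file content two APKs share."""
    a, b = entry_digests(apk_a), entry_digests(apk_b)
    content_a, content_b = set(a.values()), set(b.values())
    union = content_a | content_b
    common_paths = a.keys() & b.keys()
    return {
        # Jaccard index over file contents; renamed files still count.
        "similarity": len(content_a & content_b) / len(union) if union else 0.0,
        "identical": sorted(p for p in common_paths if a[p] == b[p]),
        "changed": sorted(p for p in common_paths if a[p] != b[p]),
        "only_in_a": sorted(a.keys() - b.keys()),
        "only_in_b": sorted(b.keys() - a.keys()),
    }


def build_sample_apk(files):
    """Pack a {path: bytes} dict into an in-memory ZIP (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for path, data in files.items():
            archive.writestr(path, data)
    return buf.getvalue()


# Constructed samples: A and B come from one template and differ only in the
# manifest, a colour resource and the signer. C is an unrelated app.
TEMPLATE = {p: b"template:" + p.encode() for p in (
    "classes.dex", "assets/effects.bin", "res/layout/main.xml",
    "res/layout/editor.xml", "res/drawable/btn.png",
    "lib/arm64-v8a/libfilter.so")}
SAMPLE_A = build_sample_apk({**TEMPLATE,
    "AndroidManifest.xml": b"package=com.example.a",
    "res/values/colors.xml": b"accent=#ff4081",
    "META-INF/CERT.RSA": b"signer-a"})
SAMPLE_B = build_sample_apk({**TEMPLATE,
    "AndroidManifest.xml": b"package=com.example.b",
    "res/values/colors.xml": b"accent=#3f51b5",
    "META-INF/CERT.RSA": b"signer-b"})
SAMPLE_C = build_sample_apk({
    "classes.dex": b"unrelated code",
    "res/layout/home.xml": b"unrelated layout",
    "AndroidManifest.xml": b"package=com.example.c"})

if __name__ == "__main__":
    for name, other in (("A vs B", SAMPLE_B), ("A vs C", SAMPLE_C)):
        result = compare_apks(SAMPLE_A, other)
        print(f"{name}: similarity={result['similarity']:.2f} "
              f"changed={result['changed']}")
```

Exact digests are a coarse first pass: a clone that was recompiled will have a different classes.dex even when the code is the same, so a high score is strong evidence while a low score proves little.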

Proof #6 Duplicate apps visible when comparing app UI

Lastly, we have a number of apps for which we can’t seem to find the original app developer, as we could in Proof #4. Instead, we have what appears to be a master template, of which many versions are created for different developers in the 2NAD network.

Here are some examples:

App Locker Fingerprint & Password, Gallery Locker by Kylian Mbapee (5 million installs) compared to App Locker With Password Fingerprint, Lock Gallery by Jacinto Macias (1 million installs):

Here, the apps are pretty much the same, except for slightly different colors and different icons.

Another matchup: Face Makeup Camera & Beauty Photo Makeup Editor by Alex Joe (10 million installs) compared to Nucie Cam: Beauty Selfie Camera With Photo Editor by Rusty Mari (500,000 installs):

When you have these kinds of connections slapping you in the face, it’s hard to ignore them.

The most important questions about 2NAD

There are three major questions then: why, how, and who? For all of these, we can only provide our best estimates.

How do they do it?

When we look at how it was done, there are two options:

  1. They are manually cloned
  2. They are cloned by some automatic process

For either option, we first assume that there aren’t just 27 developers. We found 27 app developers, but the current existing number is only known by the 2NAD organizers themselves. Beyond that, there are certainly developers that had been deleted from the 2NAD network in the few years it’s been around. Perhaps the number is around 30 in total at the moment, but may be 50 or even 100 in the entire existence of the network.

Given that, for option 1 we have to assume that for 30-100 developers, it would take a bit of manpower and would require perhaps 5-10 people. This includes not just finding apps to clone (or creating master templates to duplicate), but also the marketing and success of each app. For example, the Hudson Parker app Makeup Camera gained about 500,000 installs in the span of roughly 2 weeks. That didn’t happen by accident. 

 

However, since these apps are very lightly edited from their originals (simple changes in colors and buttons in the UI, and small details in the APKs), it’s very likely that it’s an automated process at some point. For this, we can assume that option 2 fits best, with some sort of automation also included into ranking the apps.

Why do they do it?

As for why, we can only guess. You may not like it for its lack of creativity, but the most obvious answer is that they’re doing it for money.

Specifically, they are adding so many ads at every single user interaction that it amounts to spam. Even now, our test device has the same spammy messages from all similar apps. The why then becomes easy: they get a large user base (~70 million and counting) by doing absolutely nothing out of their own initiative.

If it is an automated process to find popular apps to clone or to duplicate master template APKs, then it could be a matter of minutes or max an hour to change the small details. After that, it’s a process of getting the app approved and set up on the Play store, arranging the business side of things, and finalizing the details.

If it’s even a day for each app, it isn’t a lot of work for the ad revenue. So how much money could they be making?

Some estimates give $0.10 per banner ad click, $1-$3 for interstitial ads, and $5-$10 per video ad shown.

So let’s run some estimates based on these numbers. Our base estimate is that all the apps in the 2NAD network have the same amount of intrusive ads. At 65 million installs, and 10% are monthly active users, you’ll get 6.5 million per month. That comes out to almost 217,000 ad displays per day. If they’re all banner ads, that equals 3,255 banner clicks per day, which equals $325 per day and almost $10,000 per month.

Going through the ranges (and keeping everything else the same), that’s $3,255-$9,765 per day (almost $293,000 per month) for interstitial ads. And for video ads, at $5-$10 per video shown? That’s $16,275-$32,550 per day, equaling $488,250-$976,500 per month.

Estimated monthly earnings, based on 6.5 million MAUs (monthly active users)

Of course, the real revenue is probably closer to the bottom than the top, but nonetheless, a range of $10,000 to nearly $1 million per month is not a bad hustle, especially for the little work done.

Who is behind the 2NAD network?

This is the biggest question we had, and the one for which we seem to have the least amount of answers. Because of some numbers in some of these 2NAD app pages (520000, 420000, 300000) we get what looks like Vietnamese postal codes. But honestly, that could mean anything.

Beyond that, we have details in the APK files that point us instead towards China (or at least the Chinese market):

2NAD Alex Joe’s only app:

There aren’t a lot of reasons to include China Telecom APIs in your app unless you’re operating in China. We see something similar with the apps from Rusty Mari/Virgilo Malley:

Nonetheless, we believe the 2NAD network to be operating from somewhere in Asia, which makes the revenue range even starker, given the lower cost of living in most Asian countries.

Of course, if they are Chinese, then we may have issues of privacy that often arise.

What to do next

My next advice is going to be very simple: delete them, delete them all.

This is not just because of a suspicion of bad behavior: this is because of the high likelihood of cloned or duplicated apps, apps that provide inferior experiences compared to the original apps.

Beyond that, we have no real idea of what these apps are doing, as we haven’t yet performed a deep analysis. For your edification, the list of 101 apps by the 2NAD app developers is as follows:

2NAD App developer          App name

Daniel Malley               Glitch Effect Video, Photo Editor Grainy Effect
Daniel Malley               Mod for Minecraft, Mods For Minecraft Animals 2019
Daniel Malley               Voice Changer, Voice Recorder Editor With Effects
Daniel Malley               Sketch Photo Editor And Pencil Sketch Art
Daniel Malley               Horoscope 2019 With 12 Zodiac Sign Master
Alex Joe                    Face Makeup Camera & Beauty Photo Makeup Editor
Arrow Frankie               Video Editor With Music App, Video Maker Of Photo
Arrow Frankie               Call Recorder Automatic, Call Recording 2 Ways
Rusty Mari                  Screen Recorder With Facecam & Audio, Video Editor
Rusty Mari                  Nucie Cam: Beauty Selfie Camera With Photo Editor
Weldon Hazeltine            PDF Scanner Camera Scanner: JPG To PDF Converter
Weldon Hazeltine            App Locker Fingerprint, PIN And Gallery Locker
Weldon Hazeltine            Photo Collage Maker And Picture Grid Art Frame
Weldon Hazeltine            Metronome And Tuner For Instrument
Weldon Hazeltine            Relax Sound Sleep Music And Soothing Sounds
Jacinto Macias              Cut And Paste Photo Editor With Background Eraser
Jacinto Macias              Screen Recorder With Audio And Facecam, Screenshot
Jacinto Macias              App Locker With Password Fingerprint, Lock Gallery
Jacinto Macias              Video Maker With Music Photos, Video Effects App
Jacinto Macias              Photo Collage Maker And Picture Grid, Photo Layout
Jacinto Macias              Video Editor, Video Maker With Music Photos & Text
Flavia Sleeman              Video Editor With Music And Effects & Video Maker
Flavia Sleeman              Cut And Paste Photo Editor To Change Background
Flavia Sleeman              Screen Recorder, Game Recorder With Facecam, Audio
Flavia Sleeman              JPG To PDF Converter With Camera Scanner To PDF
Flavia Sleeman              Bubble Level Ruler With Inclinometer Free
Douglas Morace              RAR File Extractor And ZIP Opener, ZIP RAR Creator
Douglas Morace              Automatic Call Recorder Incoming And Outgoing App
Douglas Morace              App Locker With Password, Photo Gallery Locker
Douglas Morace              Color Call Screen Themes With Flash On Call
Dulcie Lawing               Glitch Effect Video Editor And Vhs Effect Photo
Dulcie Lawing               Internet Browser Private To Download Videos HD
Dulcie Lawing               Dual Account Double Space, Multi Account App
Dulcie Lawing               Alarm Pill Reminder, Medical Reminder And Tracker
Dulcie Lawing               Pixel Art Color By Number & Sandbox Coloring Game
Dulcie Lawing               Period Tracker, Menstruation & Ovulation Calendar
Kylian Mbapee               Call Screen Themes With Flashlight On Call
Kylian Mbapee               App Locker Fingerprint & Password, Gallery Locker
ProCam – HD Camera          Video Player All Format 2019 With Media Player App
ProCam – HD Camera          Photo Collage Maker And Photo Grid 2019 New
ProCam – HD Camera          Video Editor Of Photos, Video Recorder With Music
ProCam – HD Camera          MP3 Music Player, MP3 Cutter Ringtones Maker
ProCam – HD Camera          Beauty Camera, Makeup Photo Editor And Makeover
ProCam – HD Camera          PIP Photo Editor With PIP Camera Photo Maker 2019
Evan Well                   School Hairstyles Step By Step, Braiding Hairstyle
Evan Well                   Pixel Art Color By Number 2019 & Sandbox Coloring
Evan Well                   Jigsaw Puzzles For Adults And Picture Puzzles
Evan Well                   Flower Drawing Step By Step With Mandala Coloring
Evan Well                   Photo Editor With Square Blur Pic, Slim Body
Evan Well                   Vlog Editor And Video Maker With Music Photos
Samuels Dynamo              Battery Charger With Battery Saver And Optimizer
Samuels Dynamo              Memory Booster And Cleaner With Ram Optimizer
Samuels Dynamo              Volume Booster and Equalizer, MP3 Music Player
Samuels Dynamo              Phone Cooler Master And CPU Cooling 2020
Fruit VPN – Better Connect  Kiwi VPN Connection For IP Changer, Unblock Sites
Carrie Waters               Volume Booster & Sound Enhancer Music Player
Carrie Waters               Cooler Master CPU Cooling, Free Phone Cooler
Carrie Waters               Antivirus Cleaner Mobile Security & App Locker
Antoine Kenyon              Internet Speed Test Meter And WiFi Test Speed
Antoine Kenyon              Perfect VPN Proxy To Unblock Sites With IP Changer
Antoine Kenyon              Data Saver And Data Manager To Control Data Usage
Antoine Kenyon              GoFox – Incognito Browser And Private Web Browser
Darry Cowlly                Running Tracker With Step Counter And Calories
Darry Cowlly                Buttocks Workout: 30 Day Workout & Diet Challenge
Gaspard Aden                Automatic Call Recorder Both Sides To Record Calls
Gaspard Aden                App Locker With Password Fingerprint, Lock Pattern
Alfred Persen               Volume Booster Music Player And Sound Booster
Hwan Seon                   QR Code Scanner & Barcode Reader, Product Checker
Hwan Seon                   Assistive Touch: Easy Touch With Control Center
Hwan Seon                   Voice Recorder And Editor With Cut Recorded Audio
Virgilo Malley              Video Slideshow With Music And Photos, Video Maker
Virgilo Malley              Beauty Camera Makeup Face Selfie, Photo Editor
Virgilo Malley              Cut Photo Editor Background Changer, Photo Filters
Virgilo Malley              Vintage Camera With Photo Editor Filters & Effect
Hudson Parker               Screen Recorder With Facecam & Screenshot Capture
Hudson Parker               Video Editor, Video Maker With Music Photos & Text
Hudson Parker               Makeup Camera and Beauty Makeover Photo Editor
Hudson Parker               Pixel Art Color By Number & Sandbox Coloring Pages
Wilfred Wessner             CPU Phone Cooler To Cool Down Phone Temperature
Wilfred Wessner             UltraShark VPN – Free Proxy Server & Secure VPN
Wilfred Wessner             Caller Screen Themes With Color Call Flash Screen
Adaline Garraway            Video Maker: Video Editor With Music And Slideshow
Adaline Garraway            Math Solver With Steps & Graphing Calculator
Adaline Garraway            Emoji Keyboard Themes & Color Fancy Keyboard
Adaline Garraway            Slow Motion Video Editor & Fast Speed Video Maker
Adaline Garraway            Graphing Calculator And Equation Solver Calculator
Armel Bilton                App Locker With Password Fingerprint, Photo Locker
Armel Bilton                Video Maker Of Photos & Effects, Slow Motion Video
Lukas Podolskies            Video Creator With Music & Video Maker Of Photos
Lukas Podolskies            Math Solver Camera With Equation Calculator
Lukas Podolskies            Mods For MCPE, Maps For Minecraft PE Free
Lukas Podolskies            Automatic Call Recorder Incoming And Outgoing Call
Lukas Podolskies            Fake Caller With Prank Calling & Call Simulator
Lukas Podolskies            Builder For Minecraft With Minecraft House
Lukas Podolskies            30 Day Challenge Workouts For Women, Weight Loss
Noble Gracious              RAR File Extractor And ZIP Opener, File Compressor
Noble Gracious              Screen Recorder With Audio And Facecam & Editor
Noble Gracious              Video Maker: Video Creator With Music And Photos
Noble Gracious              Makeup Photo Editor With Auto Makeup Camera
Noble Gracious              File Transfer To Another Phone And Share Anything
Noble Gracious              Voice Recorder Editor And HD Audio Recording

The article was updated on May 14 to list all 101 apps within this network.
